20 matches found
Astra Linux - vulnerability in node-loader-utils
A prototype pollution vulnerability exists in the parseQuery function in parseQuery.js, within the webpack-loader-utils module. This issue affects all versions prior to 1.4.1 and 2.0.3...
CVE-2026-1554
XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation. This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
Sigstore Timestamp Authority security vulnerability
Sigstore Timestamp Authority is RFC3161 timestamp authority software from the open-source project sigstore. A security vulnerability exists in Sigstore Timestamp Authority versions prior to 2.0.3, which stems from mishandling of untrusted data by the api.ParseJSONRequest and api.getContentType functions...
PT-2025-32963 · WordPress · Easy Restaurant Menu Manager
Name of the Vulnerable Software and Affected Versions: Easy restaurant menu manager plugin for WordPress versions prior to 2.0.3. Description: The plugin is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the nsc eprm save menu function. This allows...
CVE-2024-13275
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS. This issue affects Security Kit: from 0.0.0 before 2.0.3...
CVE-2023-45084
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue...
SoftIron HyperCloud Security Vulnerability
SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud from version 1.0 up to versions prior to 2.0.3, which stems from the fact that removing and re-inserting a drive caddy without rebooting causes the system to recognize the caddy as ...
servst path traversal vulnerability
servst is a simple file server by the individual developer Andrey Polischuk. A security vulnerability exists in servst versions prior to 2.0.3, which stems from the mishandling of the filePath variable that allows an attacker to perform directory traversal...
CVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3...
PT-2022-17233
Name of the Vulnerable Software and Affected Versions: set-in versions prior to 2.0.3. Description: The issue allows an attacker to perform Prototype Pollution via the setIn method, enabling them to merge object prototypes into it. This problem stems from an incomplete fix of a previous issue...
PT-2020-14273 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4; TensorFlow versions prior to 2.0.3; TensorFlow versions prior to 2.1.2; TensorFlow versions prior to 2.2.1; TensorFlow versions prior to 2.3.1. Description: The Shard API in TensorFlow expects the last argument...
PT-2020-14280 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4; TensorFlow versions prior to 2.0.3; TensorFlow versions prior to 2.1.2; TensorFlow versions prior to 2.2.1; TensorFlow versions prior to 2.3.1. Description: A crafted TFLite model can force a node to have as...
AZL-44064 CVE-2019-10795 affecting package nodejs-nodemon 2.0.3-5
undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...
Huawei EulerOS: Security Advisory for libXfont (EulerOS-SA-2019-2357)
The remote host is missing an update for the Huawei EulerOS...
CVE-2016-8016
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 and earlier allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter...
Wireshark IEEE 802.11 Parser Denial of Service Vulnerability
Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. A security vulnerability in the IEEE 802.11 parser in Wireshark versions 1.12.x before 1.12.11 and 2.0.x before 2.0.3 can be exploited by a remote attacker to cause a denial of...
UBUNTU-CVE-2016-4082
epan/dissectors/packet-gsmcbch.c in the GSM CBCH dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses the wrong variable to index an array, which allows remote attackers to cause a denial of service (out-of-bounds access and application crash) via a crafted packet...
UBUNTU-CVE-2016-4080
epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 misparses timestamp fields, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet...
Mozilla incorrectly frees used memory (MFSA 2010-03)
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory...
security flaw
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...